feat: 合并代码

restagent/restagent.go

@@ -9,8 +9,6 @@ import (
 	"strconv"
 	"strings"
 
-	_ "net/http/pprof"
-
 	"ems.agt/features/dbrest"
 	"ems.agt/features/fm"
 	"ems.agt/features/lm"
@@ -76,8 +74,8 @@ func HttpListen(addr string, router http.Handler) {
 	}
 }
 
-func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
-	HttpListenConfigTLS(addr, caFile, certFile, keyFile, router)
+func HttpListenTLS(addr, caFile, certFile, keyFile string, clientAuthType int, router http.Handler) {
+	HttpListenConfigTLS(addr, caFile, certFile, keyFile, clientAuthType, router)
 	err := http.ListenAndServeTLS(addr, certFile, keyFile, router)
 	if err != nil {
 		fmt.Println("ListenAndServeTLS err:", err)
@@ -85,7 +83,7 @@ func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler)
 	}
 }
 
-func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
+func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, clientAuthType int, router http.Handler) {
 	// 加载根证书
 	caCert, err := os.ReadFile(caFile)
 	if err != nil {
@@ -96,9 +94,10 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
 
 	// 创建自定义的TLS配置
 	tlsConfig := &tls.Config{
-		MinVersion: 1,
+		MinVersion: tls.VersionTLS10,
+		MaxVersion: tls.VersionTLS13,
 		ClientCAs:  caCertPool,
-		ClientAuth: tls.RequireAndVerifyClientCert,
+		ClientAuth: tls.ClientAuthType(clientAuthType),
 	}
 
 	// 创建HTTP服务器
@@ -115,8 +114,8 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
 	}
 }
 
-func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string) {
-	HttpListenConfigTLS(addr, caFile, certFile, keyFile, nil)
+func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string, clientAuthType int) {
+	HttpListenConfigTLS(addr, caFile, certFile, keyFile, clientAuthType, nil)
 	err := http.ListenAndServeTLS(addr, certFile, keyFile, nil)
 	if err != nil {
 		fmt.Println("ListenAndServeTLS err:", err)
@@ -187,11 +186,6 @@ func main() {
 	uriGroup.Use(libSession.SessionHeader())
 	uriGroup.Any("/*any", gin.WrapH(routes.NewRouter()))
 
-	// 注册 pprof 路由
-	go func() {
-		http.ListenAndServe("0.0.0.0:6060", nil)
-	}()
-
 	// 开启监控采集
 	// monitor.StartMonitor(false, "")
 
@@ -200,7 +194,7 @@ func main() {
 		if rest.IPv4 != "" {
 			listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port))
 			if strings.ToLower(rest.Scheme) == "https" {
-				go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, app)
+				go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
 			} else {
 				go HttpListen(listen, app)
 			}
@@ -209,7 +203,7 @@ func main() {
 			// 默认启动localhost侦听
 			listenLocal := "127.0.0.1" + ":" + strconv.Itoa(int(rest.Port))
 			if strings.ToLower(rest.Scheme) == "https" {
-				go HttpListenTLS(listenLocal, rest.CaFile, rest.CertFile, rest.KeyFile, app)
+				go HttpListenTLS(listenLocal, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
 			} else {
 				go HttpListen(listenLocal, app)
 			}
@@ -218,7 +212,7 @@ func main() {
 		if rest.IPv6 != "" {
 			listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port))
 			if strings.ToLower(rest.Scheme) == "https" {
-				go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, app)
+				go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
 			} else {
 				go HttpListen(listenv6, app)
 			}
@@ -240,7 +234,7 @@ func main() {
 		http.Handle("/", fs)
 		for _, listen := range conf.WebServer.Listen {
 			if strings.ToLower(listen.Scheme) == "https" {
-				go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile)
+				go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile, listen.ClientAuthType)
 			} else {
 				go HttpListenWebServer(listen.Addr)
 			}